Trojaner auf Rechner

#1 Hallo zusammen,

also ich hab als Virenprogramm PandaSecurity. Diese Software hat einen Trojaner gefunden:

Virus erkannt: Generic Trojan

unter dem Pfad: c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\ey8vlll7\upgrade[1].cab[upgrade.exe][questscan.exe]

ABER schon den Ordner temporary internet files gibt es nicht. Ich habe die Datei gesucht und auch versteckte Ordner anzeigen lassen. Ich hab mich auch versuch zu belsen. Bin nicht so das computergenie... also hab ich mir HijackThis runter geladen und online schon auswerten lassen. Zwei Einträge wären gefährlich:

O3 - Toolbar: ??????.??? - {91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
Unbedingt fixen!
Unnötiger (unwirksamer) Eintrag der entfernt werden kann! YNDBAR.DLL - Russian Searchbar, Russian Searchbar

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Neutral Schädlich (2.85 / 5.00)


naja ich hab auch diese files fixiert wie beschrieben aber bei jedem neuen scan sind sie wieder da.

nun die frage. wie krieg ich den trojaner weg und was soll ich mit dieser logfileauswertung anfangen????

#2 Hi
der Fund von Panda ist vermutlich ein Fehlalarm, die HJT-Sachen sind auch nicht kritisch. Kucken wir mal kurz drauf:

1. Installiere Malwarebytes
http://www.malwarebytes.org/
(Download Now)
lasse die Aktualisierung zu, führe einen Quick Scan durch, lasse evtl. Funde von Malwarebytes entfernen und poste anschließend das Log.

2. OTL
http://oldtimer.geekstogo.com/OTL.exe
Starte das Programm, setze Häckchen bei "Scanne alle Benutzer", "LOP Prüfung" und "Purity Prüfung", kopiere unten in das Script-Feld rein:

Zitat

netsvcs
msconfig

und klicke auf Scan. Poste die OTL.txt und Extras.txt

#3 Hallo,

vilelen vielen Dank für die Hilfe!!!!!!!!!!


Also als erstes LOG von Malewarebytes (habe Sie schon löschen lassen)



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8040

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

29.10.2011 15:01:58
mbam-log-2011-10-29 (15-01-53).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159575
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879077FBD765B5530AC96 (Malware.Trace) -> Value: SRS_IT_E879077FBD765B5530AC96 -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Und hier von OTL: extras
OTL Extras logfile created on: 29.10.2011 15:12:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adrej
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,32% Memory free
4,00 Gb Paging File | 3,03 Gb Available in Paging File | 75,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,29 Gb Total Space | 33,32 Gb Free Space | 64,95% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 89,88 Gb Free Space | 92,03% Space Free | Partition Type: NTFS

Computer Name: ADREJ-PC | User Name: Sophie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_USERS\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*esigner.exe


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{24FE84E0-B023-02CC-3D0F-F4799C00FA71}" = myphotobook.de
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3538DD8F-A0CF-4CB9-8B38-0963CAA509EA}" = Panda Antivirus Pro 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"DivX Setup.divx.com" = DivX-Setup
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"HijackThis" = HijackThis 2.0.2
"MAGIX Foto Clinic 4.5 D" = MAGIX Foto Clinic 4.5 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Picasa 3" = Picasa 3
"SystemRequirementsLab" = System Requirements Lab
"TuneUp Utilities" = TuneUp Utilities
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 04.09.2011 13:15:43 | Computer Name = Adrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 6.0.0.4240,
Zeitstempel: 0x4e4498c4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001e002c ID des fehlerhaften
Prozesses: 0xedc Startzeit der fehlerhaften Anwendung: 0x01cc6b26451a50ac Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 84ffc46e-d719-11e0-a53a-001bfb18a0c7

Error - 10.09.2011 14:43:17 | Computer Name = Adrej-PC | Source = CardSpace 3.0.0.0 | ID = 327949
Description = Der Windows CardSpace-Dienst ist ausgelastet und kann die Anforderung
nicht verarbeiten. Für den Benutzer stehen zu viele Anforderungen aus. Additional
Information: bei System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)

bei System.Environment.get_StackTrace() bei Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException
ie) bei Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception
e) bei Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception
e) bei Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)

bei Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity
callerIdentity, Int32 tsSessionId) bei Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle
monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)

bei Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle,
IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error - 19.09.2011 03:47:03 | Computer Name = Adrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TPSrv.exe, Version: 9.2.2.1, Zeitstempel:
0x4da6fcd4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x364 Startzeit der fehlerhaften Anwendung: 0x01cc76a041a68b1d Pfad der fehlerhaften
Anwendung: C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 901a5dc5-e293-11e0-838a-001bfb18a0c7

Error - 08.10.2011 13:48:31 | Computer Name = Adrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_TapiSrv, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce7b96e Ausnahmecode: 0xc0000008 Fehleroffset: 0x00081e17 ID des fehlerhaften
Prozesses: 0x2f4 Startzeit der fehlerhaften Anwendung: 0x01cc85db0738abc6 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: bc14fffe-f1d5-11e0-80a3-001bfb18a0c7

Error - 13.10.2011 15:15:35 | Computer Name = Adrej-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 84c Startzeit: 01cc89d5d6b5a25c Endzeit: 718 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

Error - 14.10.2011 14:07:08 | Computer Name = Adrej-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 57c Startzeit: 01cc8a8ff075a3c0 Endzeit: 655 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

Error - 16.10.2011 12:56:43 | Computer Name = Adrej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 7.0.1.4288 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ed8 Startzeit:
01cc8c2462a83a3a Endzeit: 31 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
cc27a197-f817-11e0-b4d0-001bfb18a0c7

Error - 17.10.2011 15:16:34 | Computer Name = Adrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_TapiSrv, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x021b3f6a ID des fehlerhaften
Prozesses: 0x300 Startzeit der fehlerhaften Anwendung: 0x01cc8cd034cc4d29 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 8685175b-f8f4-11e0-bca4-001bfb18a0c7

Error - 23.10.2011 13:29:14 | Computer Name = Adrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 7.0.1.4288,
Zeitstempel: 0x4e83b93a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xe70 Startzeit der fehlerhaften Anwendung: 0x01cc91a93250e683 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 86b0c432-fd9c-11e0-84fe-001bfb18a0c7

Error - 24.10.2011 14:12:18 | Computer Name = Adrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0193002c ID des fehlerhaften
Prozesses: 0x9f0 Startzeit der fehlerhaften Anwendung: 0x01cc927875839fa4 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: b4fb9419-fe6b-11e0-97ad-001bfb18a0c7

[ Media Center Events ]
Error - 21.04.2010 11:52:43 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 17:52:43 - Fehler beim Herstellen der Internetverbindung. 17:52:43
- Serververbindung konnte nicht hergestellt werden..

Error - 21.04.2010 11:52:54 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 17:52:48 - Fehler beim Herstellen der Internetverbindung. 17:52:48
- Serververbindung konnte nicht hergestellt werden..

Error - 05.07.2010 13:51:02 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 19:51:02 - Fehler beim Herstellen der Internetverbindung. 19:51:02
- Serververbindung konnte nicht hergestellt werden..

Error - 05.07.2010 13:51:12 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 19:51:08 - Fehler beim Herstellen der Internetverbindung. 19:51:08
- Serververbindung konnte nicht hergestellt werden..

Error - 30.01.2011 09:38:18 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 14:38:18 - Fehler beim Herstellen der Internetverbindung. 14:38:18
- Serververbindung konnte nicht hergestellt werden..

Error - 30.01.2011 09:39:12 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 14:38:49 - Fehler beim Herstellen der Internetverbindung. 14:38:49
- Serververbindung konnte nicht hergestellt werden..

Error - 12.02.2011 08:04:13 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 13:04:13 - Fehler beim Herstellen der Internetverbindung. 13:04:13
- Serververbindung konnte nicht hergestellt werden..

Error - 12.02.2011 08:04:47 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 13:04:42 - Fehler beim Herstellen der Internetverbindung. 13:04:42
- Serververbindung konnte nicht hergestellt werden..

Error - 13.02.2011 04:45:00 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 09:44:57 - Fehler beim Herstellen der Internetverbindung. 09:45:00
- Serververbindung konnte nicht hergestellt werden..

Error - 13.02.2011 04:45:43 | Computer Name = Adrej-PC | Source = MCUpdate | ID = 0
Description = 09:45:38 - Fehler beim Herstellen der Internetverbindung. 09:45:38
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 27.10.2011 15:17:06 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Panda On-Access Anti-Malware Service" wurde mit folgendem
Fehler beendet: %%1

Error - 28.10.2011 09:12:19 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Panda On-Access Anti-Malware Service" wurde mit folgendem
Fehler beendet: %%1

Error - 29.10.2011 08:47:27 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kryptografiedienste" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.

Error - 29.10.2011 08:47:27 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DNS-Client" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 29.10.2011 08:47:27 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Arbeitsstationsdienst" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.

Error - 29.10.2011 08:47:27 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "NLA (Network Location Awareness)" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
durchgeführt: Neustart des Diensts.

Error - 29.10.2011 08:47:27 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Telefonie" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 29.10.2011 08:49:27 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "DNS-Client" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056

Error - 29.10.2011 09:03:51 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Panda On-Access Anti-Malware Service" wurde mit folgendem
Fehler beendet: %%1

Error - 29.10.2011 09:05:01 | Computer Name = Adrej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
duudrmkd


< End of report >




OTL:





OTL logfile created on: 29.10.2011 15:12:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adrej
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,32% Memory free
4,00 Gb Paging File | 3,03 Gb Available in Paging File | 75,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,29 Gb Total Space | 33,32 Gb Free Space | 64,95% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 89,88 Gb Free Space | 92,03% Space Free | Partition Type: NTFS

Computer Name: ADREJ-PC | User Name: Sophie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.10.29 15:10:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adrej\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.14 16:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
PRC - [2011.04.13 17:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
PRC - [2010.08.16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\psksvc.exe
PRC - [2010.06.04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
PRC - [2010.05.28 13:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
PRC - [2010.04.22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.12.09 14:44:20 | 000,713,032 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.08.10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
PRC - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008.06.19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
PRC - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007.02.14 13:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll
MOD - [2004.05.19 11:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\LIBXML2.DLL


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.14 16:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe -- (TPSrv)
SRV - [2010.10.20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010.08.16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010.06.04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2010.06.02 20:16:39 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.22 12:27:16 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.08.10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.06.19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.02.21 14:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010.05.21 13:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010.05.06 17:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2009.12.26 13:15:07 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.26 13:15:06 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.12.19 01:17:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.04 03:59:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.13 09:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.07.14 00:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.12.13 18:15:26 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008.06.06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.08.03 06:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.05.23 11:28:36 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007.05.23 11:28:36 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007.04.02 21:47:24 | 000,031,104 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 6F A3 D0 B8 93 CA 01 [binary data]
IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Users\Adrej\Desktop\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.26 22:03:49 | 000,000,000 | ---D | M]

[2011.10.26 22:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33B7AC22-D37E-469E-ABA8-CB3087A5BDE5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8546EE5-6D1F-440F-B23F-73C12BEA8E9E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D35DD0C7-8BE2-4B07-99D7-D5794E9A6F99}: DhcpNameServer = 212.23.97.3 212.23.97.2
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2c6b12b3-3536-11df-bb0e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{2c6b12b3-3536-11df-bb0e-001bfb18a0c7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2c6b1326-3536-11df-bb0e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{2c6b1326-3536-11df-bb0e-001bfb18a0c7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{50507015-076b-11df-ad2e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{50507015-076b-11df-ad2e-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5050701a-076b-11df-ad2e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{5050701a-076b-11df-ad2e-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{50507032-076b-11df-ad2e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{50507032-076b-11df-ad2e-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{50507039-076b-11df-ad2e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{50507039-076b-11df-ad2e-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7e813411-1954-11df-b597-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{7e813411-1954-11df-b597-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{92f39179-396b-11df-ba67-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{92f39179-396b-11df-ba67-001bfb18a0c7}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{c2bf1418-ec2c-11de-a422-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c2bf1418-ec2c-11de-a422-001bfb18a0c7}\Shell\AutoRun\command - "" = F:\MafiaLauncher.EXE
O33 - MountPoints2\{d0adf66e-10ca-11df-b899-0013a9c3843c}\Shell - "" = AutoRun
O33 - MountPoints2\{d0adf66e-10ca-11df-b899-0013a9c3843c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d4009ba1-09bb-11df-ac7f-0013a9c3843c}\Shell - "" = AutoRun
O33 - MountPoints2\{d4009ba1-09bb-11df-ac7f-0013a9c3843c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found
MsConfig - State: "startup" - 2

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.10.29 15:10:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Adrej\OTL.exe
[2011.10.29 14:55:08 | 000,000,000 | ---D | C] -- C:\Users\Adrej\AppData\Roaming\Malwarebytes
[2011.10.29 14:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.29 14:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.29 14:54:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.29 14:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.26 23:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011.10.26 23:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.10.26 22:39:34 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.10.26 22:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011.10.26 22:15:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011.10.26 22:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.10.26 22:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011.10.26 11:55:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.10.26 11:55:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.26 11:55:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.26 11:55:52 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.26 11:55:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.15 22:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\P
[2011.10.12 15:01:58 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.12 15:01:57 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.12 15:01:40 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\Adrej\AppData\Local\*.tmp files -> C:\Users\Adrej\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.10.29 15:10:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adrej\OTL.exe
[2011.10.29 15:09:56 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.29 15:09:56 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.29 15:09:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.29 15:04:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.29 15:04:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.29 14:55:01 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.27 19:26:08 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.10.27 14:07:08 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.27 14:07:08 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.27 14:07:08 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.27 14:07:08 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.26 22:39:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.10.12 18:26:37 | 000,452,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.01 04:42:56 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\Users\Adrej\AppData\Local\*.tmp files -> C:\Users\Adrej\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.10.29 14:55:01 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.30 20:18:03 | 000,000,250 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2011.07.22 22:00:50 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.05.19 08:11:06 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.05.19 08:09:51 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.29 20:07:02 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SensApid.dll
[2010.08.12 18:37:29 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.03 21:21:10 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.03.30 19:54:25 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.03.30 19:54:25 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.03.11 05:00:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.02.22 13:04:09 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.02.22 13:04:09 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.26 13:15:07 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.12.26 13:15:06 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.12.20 23:09:01 | 000,007,602 | ---- | C] () -- C:\Users\Adrej\AppData\Local\Resmon.ResmonCfg
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,452,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2003.04.16 14:49:16 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2003.04.16 14:49:16 | 000,233,472 | R--- | C] () -- C:\Users\Adrej\AppData\Roaming\MafiaSetup.exe
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2010.05.30 21:08:54 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Canon
[2010.03.11 00:32:56 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\CoSoSys
[2009.12.19 15:43:54 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\DAEMON Tools Lite
[2011.03.08 20:38:05 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.03.18 20:43:53 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\fotobuch.de AG
[2010.06.03 21:21:13 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\FreeAudioPack
[2011.07.27 19:23:27 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\gtk-2.0
[2011.09.04 17:34:02 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Hardcore
[2010.03.11 05:03:53 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\MAGIX
[2010.09.07 20:40:08 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Nokia
[2010.09.07 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Nseries
[2010.02.15 06:19:47 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Opera
[2011.08.30 20:17:12 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Panda Security
[2010.09.07 20:57:41 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\PC Suite
[2010.03.11 04:46:07 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Propellerhead Software
[2010.02.22 13:03:54 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Samsung
[2010.05.30 21:24:41 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Skinux
[2010.02.14 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Sony
[2010.02.14 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Sony Setup
[2010.02.13 03:42:48 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Tific
[2010.02.22 12:27:07 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\TuneUp Software
[2010.02.03 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\uTorrent
[2009.12.19 01:18:12 | 000,000,000 | ---D | M] -- C:\Users\Adrej\AppData\Roaming\Yandex
[2011.10.02 19:17:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Danke!!!!!!!!!

#4 Hi

Ein paar Sachen in den Logs sind etwas merkwürdig. Kucken wir mal.

Alle Tools, die wir einsetzen, bitte mit Rechtsklick "Als Administrator starten"

1. Starte OTL, kopiere unten in das Skript-Feld rein:

Zitat

:OTL
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2078229583-1541949417-2836490015-1000\..\Toolbar\WebBrowser: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{2c6b12b3-3536-11df-bb0e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{2c6b12b3-3536-11df-bb0e-001bfb18a0c7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2c6b1326-3536-11df-bb0e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{2c6b1326-3536-11df-bb0e-001bfb18a0c7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{50507015-076b-11df-ad2e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{50507015-076b-11df-ad2e-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5050701a-076b-11df-ad2e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{5050701a-076b-11df-ad2e-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{50507032-076b-11df-ad2e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{50507032-076b-11df-ad2e-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{50507039-076b-11df-ad2e-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{50507039-076b-11df-ad2e-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7e813411-1954-11df-b597-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{7e813411-1954-11df-b597-001bfb18a0c7}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{92f39179-396b-11df-ba67-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{92f39179-396b-11df-ba67-001bfb18a0c7}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{c2bf1418-ec2c-11de-a422-001bfb18a0c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c2bf1418-ec2c-11de-a422-001bfb18a0c7}\Shell\AutoRun\command - "" = F:\MafiaLauncher.EXE
O33 - MountPoints2\{d0adf66e-10ca-11df-b899-0013a9c3843c}\Shell - "" = AutoRun
O33 - MountPoints2\{d0adf66e-10ca-11df-b899-0013a9c3843c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d4009ba1-09bb-11df-ac7f-0013a9c3843c}\Shell - "" = AutoRun
O33 - MountPoints2\{d4009ba1-09bb-11df-ac7f-0013a9c3843c}\Shell\AutoRun\command - "" = G:\AutoRun.exe


:Commands
[emptytemp]
[emptyflash]
[resethosts]

und klicke auf Run Fix. Poste bitte das Fix-Log.

2.

Lade bitte diese Datei zu VirusTotal http://www.virustotal.com/

Zitat

C:\Windows\System32\MafiaSetup.exe

und poste den Link zum Ergebnis.

3.
Lade aswmbr von avast! herunter
http://public.avast.com/~gmerek/aswMBR.exe
Starte das Programm
Wähle Nein bei der Frage nach zusätzlichem Herunterladen von avast
Klicke auf Scan
Klicke nach dem Scan auf Save Log, speichere es ab und poste es hier (noch nichts "Fixen")

4.
Gmer
http://www.gmer.net/
Gmer downloaden, ausführen. Falls eine Abfrage kommt, ob wegen Rootkit-Aktivitäten ein vollständiger Systemscan erwünscht ist, No wählen. Auf der rechten Seite Häkchen entfernen bei
Allen Laufwerken außer C:
Show All
Auf Scan klicken und das Ende des Scans abwarten. Mit Save kann das Log abgespeichert werden, dieses Log bitte posten.

#5 Hi,

1. OLG Log

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{91397D20-1446-11D4-8AF4-0040CA1127B6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2078229583-1541949417-2836490015-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91397D20-1446-11D4-8AF4-0040CA1127B6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91397D20-1446-11D4-8AF4-0040CA1127B6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c6b12b3-3536-11df-bb0e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c6b12b3-3536-11df-bb0e-001bfb18a0c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c6b12b3-3536-11df-bb0e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c6b12b3-3536-11df-bb0e-001bfb18a0c7}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c6b1326-3536-11df-bb0e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c6b1326-3536-11df-bb0e-001bfb18a0c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c6b1326-3536-11df-bb0e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c6b1326-3536-11df-bb0e-001bfb18a0c7}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50507015-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50507015-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50507015-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50507015-076b-11df-ad2e-001bfb18a0c7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5050701a-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5050701a-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5050701a-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5050701a-076b-11df-ad2e-001bfb18a0c7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50507032-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50507032-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50507032-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50507032-076b-11df-ad2e-001bfb18a0c7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50507039-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50507039-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50507039-076b-11df-ad2e-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50507039-076b-11df-ad2e-001bfb18a0c7}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e813411-1954-11df-b597-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e813411-1954-11df-b597-001bfb18a0c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e813411-1954-11df-b597-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e813411-1954-11df-b597-001bfb18a0c7}\ not found.
File G:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92f39179-396b-11df-ba67-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92f39179-396b-11df-ba67-001bfb18a0c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92f39179-396b-11df-ba67-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92f39179-396b-11df-ba67-001bfb18a0c7}\ not found.
File F:\setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2bf1418-ec2c-11de-a422-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2bf1418-ec2c-11de-a422-001bfb18a0c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2bf1418-ec2c-11de-a422-001bfb18a0c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2bf1418-ec2c-11de-a422-001bfb18a0c7}\ not found.
File F:\MafiaLauncher.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0adf66e-10ca-11df-b899-0013a9c3843c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0adf66e-10ca-11df-b899-0013a9c3843c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0adf66e-10ca-11df-b899-0013a9c3843c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0adf66e-10ca-11df-b899-0013a9c3843c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4009ba1-09bb-11df-ac7f-0013a9c3843c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4009ba1-09bb-11df-ac7f-0013a9c3843c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4009ba1-09bb-11df-ac7f-0013a9c3843c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4009ba1-09bb-11df-ac7f-0013a9c3843c}\ not found.
File G:\AutoRun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adrej
->Temp folder emptied: 72538 bytes
->Temporary Internet Files folder emptied: 3959485 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 8159312 bytes

Total Files Cleaned = 12,00 mb


[EMPTYFLASH]

User: Adrej
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[resethosts> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 10302011_152213

Files\Folders moved on Reboot...
C:\Users\Adrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VOV8WYCA\t41722[2].htm moved successfully.
C:\Users\Adrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AT9SWV0E\ads[3].htm moved successfully.
File\Folder C:\Users\Adrej\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...

#6 2. Mafia Setup, war glaube nen Spiel:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: 485c406f6f68bbcdb0e48dba53eb6ed1
Date first seen: 2009-06-12 23:19:33 (UTC)
Date last seen: 2011-07-26 18:49:05 (UTC)
Detection ratio: 0/43

#7 3. Avast:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-30 15:13:58
-----------------------------
15:13:58.642 OS Version: Windows 6.1.7601 Service Pack 1
15:13:58.642 Number of processors: 2 586 0xF0D
15:13:58.642 ComputerName: ADREJ-PC UserName: Sophie
15:13:58.939 Initialize success
15:14:02.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
15:14:02.045 Disk 0 Vendor: ST9160821AS 3.ALC Size: 152627MB BusType: 11
15:14:04.073 Disk 0 MBR read successfully
15:14:04.073 Disk 0 MBR scan
15:14:04.073 Disk 0 Windows 7 default MBR code
15:14:04.088 Disk 0 scanning sectors +312576000
15:14:04.166 Disk 0 scanning C:\Windows\system32\drivers
15:14:18.284 Service scanning
15:14:20.843 Service ShldDrv C:\Windows\C:\Windows\system32\Drivers\ShlDrv51.sys **LOCKED** 123
15:14:20.858 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:14:21.482 Modules scanning
15:14:30.468 Disk 0 trace - called modules:
15:14:30.483 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84e961f8]<<
15:14:30.499 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cf5030]
15:14:30.499 3 CLASSPNP.SYS[893a359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85be6030]
15:14:30.515 \Driver\atapi[0x85bcd1e8] -> IRP_MJ_CREATE -> 0x84e961f8
15:14:30.530 Scan finished successfully
15:14:45.881 Disk 0 MBR has been saved successfully to "C:\Users\Adrej\Desktop\MBR.dat"
15:14:45.896 The log file has been saved successfully to "C:\Users\Adrej\Desktop\aswMBR.txt"

#8 4. Gmer, alle haken raus außer C und Show all / scan:

no system modification found...

wenn alle haken und c drin:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-30 15:55:05
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST9160821AS rev.3.ALC
Running: 26i1g6d9.exe; Driver: C:\Users\Adrej\AppData\Local\Temp\aglorpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\DRIVERS\PavProc.sys ZwTerminateProcess [0x965C673A]
SSDT \??\C:\Windows\system32\PavSRK.sys ZwWriteVirtualMemory [0x984F1C30]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E76349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EAFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82EB7324 4 Bytes [3A, 67, 5C, 96] {CMP AH, [EDI+0x5c]; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82EB7398 4 Bytes [30, 1C, 4F, 98] {XOR [EDI+ECX*2], BL; CWDE }
? System32\Drivers\spiu.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8E85FDB9 5 Bytes JMP 85FA61D8
? C:\Windows\system32\PavTPK.sys Das System kann die angegebene Datei nicht finden. !
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9657D300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x965C0300, 0x1BEE, 0xE8000020]
? C:\Windows\system32\PavSRK.sys Das System kann die angegebene Datei nicht finden. !
? system32\drivers\av5flt.sys Das System kann den angegebenen Pfad nicht finden. !
.text autochk.exe 004211D1 5 Bytes [8B, 35, 34, E2, 48]
.text autochk.exe 004211D7 20 Bytes [4E, 8D, 4E, 01, 8B, C1, 99, ...]
.text autochk.exe 004211ED 33 Bytes [80, 89, 45, F4, 79, 05, 4A, ...]
.text autochk.exe 00421210 45 Bytes [00, 83, CA, FF, D3, E2, F7, ...]
.text autochk.exe 0042123E 38 Bytes [00, 80, 79, 05, 4E, 83, CE, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!sendto 775A34B5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!closesocket 775A3918 6 Bytes JMP 5F220F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!WSASend 775A4406 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!recv 775A6B0E 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!connect 775A6BDD 6 Bytes JMP 5F040F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!send 775A6F01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!WSARecv 775A7089 6 Bytes JMP 5F160F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!recvfrom 775AB6DC 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!WSARecvFrom 775ACBA6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!WSAConnect 775ACC3F 6 Bytes JMP 5F130F5A
.text C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe[292] WS2_32.dll!WSASendTo 775BB30C 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Windows\system32\lsm.exe[492] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\lsm.exe[492] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\lsm.exe[492] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\lsm.exe[492] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\lsm.exe[492] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\lsm.exe[492] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\lsm.exe[492] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\lsm.exe[492] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\lsm.exe[492] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Windows\system32\lsm.exe[492] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F970F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F8E0F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FA90F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB20F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FAC0F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA00F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F910F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FA60F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F940F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FB50F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FB80F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Windows\system32\lsm.exe[492] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[492] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Windows\system32\lsm.exe[492] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F8B0F5A
.text C:\Windows\system32\lsm.exe[492] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA30F5A
.text C:\Windows\system32\lsm.exe[492] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Windows\system32\lsm.exe[492] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] kernel32.dll!CreateProcessW 7718204D 5 Bytes JMP 000567AE
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ADVAPI32.dll!CreateProcessAsUserW 775FC592 5 Bytes JMP 000568F6
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!EnableWindow 770B8D02 5 Bytes JMP 6E13A83D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!GetAsyncKeyState 770BA256 5 Bytes JMP 6E13B1EE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!CallNextHookEx 770BABE1 5 Bytes JMP 6E183CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!UnhookWindowsHookEx 770BADF9 5 Bytes JMP 6E23D90F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!SetWindowsHookExW 770BE30C 5 Bytes JMP 6E1D7DD1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!CreateWindowExW 770BEC7C 5 Bytes JMP 6E213894 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!GetKeyState 770C2B4D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!GetKeyState 770C2B4D 5 Bytes JMP 6E140F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!IsDialogMessageW 770C4104 5 Bytes JMP 6E13AD96 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!CreateDialogParamA 770D1F42 5 Bytes JMP 6E34EBB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!IsDialogMessage 770D2019 5 Bytes JMP 6E34E3EE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!DialogBoxParamW 770D3B9B 5 Bytes JMP 6E147F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!CreateDialogIndirectParamA 770D721D 5 Bytes JMP 6E34EC22 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!CreateDialogIndirectParamW 770DEA10 5 Bytes JMP 6E34EC59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!DialogBoxIndirectParamW 770E3B7F 5 Bytes JMP 6E34DF40 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!EndDialog 770E3BA3 5 Bytes JMP 6E13AFEC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!CreateDialogParamW 770E5630 5 Bytes JMP 6E34EBEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!SetKeyboardState 770E695A 5 Bytes JMP 6E34E753 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!SendInput 770E7019 5 Bytes JMP 6E34F378 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!SetCursorPos 770FC1B0 5 Bytes JMP 6E34F3D0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!DialogBoxParamA 770FCF42 5 Bytes JMP 6E34DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!DialogBoxIndirectParamA 770FD274 5 Bytes JMP 6E34DFA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!MessageBoxIndirectA 7710E869 5 Bytes JMP 6E34DE72 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!MessageBoxIndirectW 7710E963 5 Bytes JMP 6E34DE07 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!MessageBoxExA 7710E9C9 5 Bytes JMP 6E34DDA5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!MessageBoxExW 7710E9ED 5 Bytes JMP 6E34DD43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] USER32.dll!keybd_event 7710EC3B 5 Bytes JMP 6E34F703 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!DllRegisterServer + 577 75BB9FB4 4 Bytes [A5, 35, 11, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!DllRegisterServer + 57F 75BB9FBC 4 Bytes [F3, 34, 11, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!DllRegisterServer + 59B 75BB9FD8 4 Bytes [A5, 35, 11, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!DllRegisterServer + 5A3 75BB9FE0 4 Bytes [F3, 34, 11, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!DllRegisterServer + 7F3 75BBA230 4 Bytes [A5, 35, 11, 6E]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!RealDriveType + 1601 75BBFCD4 4 Bytes [A5, 35, 11, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!RealDriveType + 1609 75BBFCDC 4 Bytes [F3, 34, 11, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!RealDriveType + 173D 75BBFE10 4 Bytes CALL 86F1A38A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!RealDriveType + 1745 75BBFE18 8 Bytes [F3, 34, 11, 6E, 17, 73, 10, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!RealDriveType + 1EAD 75BC0580 4 Bytes [A5, 35, 11, 6E]
.text ...
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!ILClone + 135 75BC1818 4 Bytes [A5, 35, 11, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] SHELL32.dll!ILClone + 13D 75BC1820 4 Bytes [F3, 34, 11, 6E]
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ole32.dll!OleLoadFromStream 758F6143 5 Bytes JMP 6E34E293 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ole32.dll!CoCreateInstance 75939D0B 5 Bytes JMP 6E213422 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!sendto 775A34B5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!closesocket 775A3918 6 Bytes JMP 5F220F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!WSASend 775A4406 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!select 775A6989 5 Bytes JMP 00056538
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!recv 775A6B0E 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!connect 775A6BDD 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!send 775A6F01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!WSARecv 775A7089 6 Bytes JMP 5F160F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!recvfrom 775AB6DC 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!WSARecvFrom 775ACBA6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!WSAConnect 775ACC3F 6 Bytes JMP 5F130F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[852] ws2_32.DLL!WSASendTo 775BB30C 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F970F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F910F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F940F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA30F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[1032] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text E:\Software\26i1g6d9.exe[1160] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text E:\Software\26i1g6d9.exe[1160] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text E:\Software\26i1g6d9.exe[1160] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text E:\Software\26i1g6d9.exe[1160] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text E:\Software\26i1g6d9.exe[1160] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text E:\Software\26i1g6d9.exe[1160] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text E:\Software\26i1g6d9.exe[1160] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text E:\Software\26i1g6d9.exe[1160] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F9D0F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F940F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FAF0F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB80F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FB20F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA60F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F970F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FAC0F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F9A0F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FBB0F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FBE0F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [A1, 5F]
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F910F5A
.text E:\Software\26i1g6d9.exe[1160] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA90F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text E:\Software\26i1g6d9.exe[1160] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text E:\Software\26i1g6d9.exe[1160] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text E:\Software\26i1g6d9.exe[1160] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text E:\Software\26i1g6d9.exe[1160] ole32.dll!CoGetClassObject 759254AD 6 Bytes JMP 5F8B0F5A
.text E:\Software\26i1g6d9.exe[1160] ole32.dll!CoCreateInstanceEx 75939D4E 6 Bytes JMP 5F8E0F5A
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Windows\Explorer.EXE[1208] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Windows\Explorer.EXE[1208] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Windows\Explorer.EXE[1208] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Windows\Explorer.EXE[1208] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Windows\Explorer.EXE[1208] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Windows\Explorer.EXE[1208] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Windows\Explorer.EXE[1208] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Windows\Explorer.EXE[1208] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Windows\Explorer.EXE[1208] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Windows\Explorer.EXE[1208] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F970F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F8E0F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FA90F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB20F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FAC0F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA00F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F910F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FA60F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F940F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FB50F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FB80F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Windows\Explorer.EXE[1208] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1208] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Windows\Explorer.EXE[1208] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F8B0F5A
.text C:\Windows\Explorer.EXE[1208] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA30F5A
.text C:\Windows\Explorer.EXE[1208] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Windows\Explorer.EXE[1208] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!sendto 775A34B5 6 Bytes JMP 5FC70F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!closesocket 775A3918 6 Bytes JMP 5FD90F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!WSASend 775A4406 6 Bytes JMP 5FD30F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!recv 775A6B0E 6 Bytes JMP 5FBE0F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!connect 775A6BDD 6 Bytes JMP 5FBB0F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!send 775A6F01 6 Bytes JMP 5FC40F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!WSARecv 775A7089 6 Bytes JMP 5FCD0F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!recvfrom 775AB6DC 6 Bytes JMP 5FC10F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!WSARecvFrom 775ACBA6 6 Bytes JMP 5FD00F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!WSAConnect 775ACC3F 6 Bytes JMP 5FCA0F5A
.text C:\Windows\Explorer.EXE[1208] WS2_32.dll!WSASendTo 775BB30C 6 Bytes JMP 5FD60F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F970F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F910F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F940F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1532] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] kernel32.dll!CreateProcessW 7718204D 5 Bytes JMP 017A67AE
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!CreateProcessAsUserW 775FC592 5 Bytes JMP 017A68F6
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F970F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!CreateWindowExW 770BEC7C 5 Bytes JMP 6E213894 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F910F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F940F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DialogBoxParamW 770D3B9B 5 Bytes JMP 6E147F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DialogBoxIndirectParamW 770E3B7F 5 Bytes JMP 6E34DF40 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DialogBoxParamA 770FCF42 5 Bytes JMP 6E34DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DialogBoxIndirectParamA 770FD274 5 Bytes JMP 6E34DFA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!MessageBoxIndirectA 7710E869 5 Bytes JMP 6E34DE72 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!MessageBoxIndirectW 7710E963 5 Bytes JMP 6E34DE07 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!MessageBoxExA 7710E9C9 5 Bytes JMP 6E34DDA5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!MessageBoxExW 7710E9ED 5 Bytes JMP 6E34DD43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!sendto 775A34B5 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!closesocket 775A3918 5 Bytes JMP 017A64FE
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!WSASend 775A4406 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!select 775A6989 5 Bytes JMP 017A6538
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!recv 775A6B0E 5 Bytes JMP 017A65AD
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!connect 775A6BDD 5 Bytes JMP 017A647F
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!send 775A6F01 5 Bytes JMP 017A6657
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!WSARecv 775A7089 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!recvfrom 775AB6DC 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!WSARecvFrom 775ACBA6 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!WSAConnect 775ACC3F 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] ws2_32.DLL!WSASendTo 775BB30C 6 Bytes JMP 5FCD0F5A
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F970F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F8E0F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FA90F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB20F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FAC0F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA00F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F910F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FA60F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F940F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FB50F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FB80F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F8B0F5A
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA30F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\Dwm.exe[2000] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Windows\system32\Dwm.exe[2000] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Windows\system32\taskhost.exe[2324] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\taskhost.exe[2324] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\taskhost.exe[2324] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\taskhost.exe[2324] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\taskhost.exe[2324] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\taskhost.exe[2324] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\taskhost.exe[2324] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\taskhost.exe[2324] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\taskhost.exe[2324] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Windows\system32\taskhost.exe[2324] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F970F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F8E0F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FA90F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB20F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FAC0F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA00F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F910F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FA60F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F940F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FB50F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FB80F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F8B0F5A
.text C:\Windows\system32\taskhost.exe[2324] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA30F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\taskhost.exe[2324] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] kernel32.dll!CreateProcessW 7718204D 5 Bytes JMP 001667AE
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] ADVAPI32.dll!CreateProcessAsUserW 775FC592 5 Bytes JMP 001668F6
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!EnableWindow 770B8D02 5 Bytes JMP 6E13A83D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!GetAsyncKeyState 770BA256 5 Bytes JMP 6E13B1EE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!CallNextHookEx 770BABE1 5 Bytes JMP 6E183CA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!UnhookWindowsHookEx 770BADF9 5 Bytes JMP 6E23D90F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!SetWindowsHookExW 770BE30C 5 Bytes JMP 6E1D7DD1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!CreateWindowExW 770BEC7C 5 Bytes JMP 6E213894 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!GetKeyState 770C2B4D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!GetKeyState 770C2B4D 5 Bytes JMP 6E140F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!IsDialogMessageW 770C4104 5 Bytes JMP 6E13AD96 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!CreateDialogParamA 770D1F42 5 Bytes JMP 6E34EBB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!IsDialogMessage 770D2019 5 Bytes JMP 6E34E3EE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!DialogBoxParamW 770D3B9B 5 Bytes JMP 6E147F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!CreateDialogIndirectParamA 770D721D 5 Bytes JMP 6E34EC22 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!CreateDialogIndirectParamW 770DEA10 5 Bytes JMP 6E34EC59 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!DialogBoxIndirectParamW 770E3B7F 5 Bytes JMP 6E34DF40 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!EndDialog 770E3BA3 5 Bytes JMP 6E13AFEC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!CreateDialogParamW 770E5630 5 Bytes JMP 6E34EBEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!SetKeyboardState 770E695A 5 Bytes JMP 6E34E753 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!SendInput 770E7019 5 Bytes JMP 6E34F378 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!SetCursorPos 770FC1B0 5 Bytes JMP 6E34F3D0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!DialogBoxParamA 770FCF42 5 Bytes JMP 6E34DEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!DialogBoxIndirectParamA 770FD274 5 Bytes JMP 6E34DFA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!MessageBoxIndirectA 7710E869 5 Bytes JMP 6E34DE72 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!MessageBoxIndirectW 7710E963 5 Bytes JMP 6E34DE07 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!MessageBoxExA 7710E9C9 5 Bytes JMP 6E34DDA5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!MessageBoxExW 7710E9ED 5 Bytes JMP 6E34DD43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] USER32.dll!keybd_event 7710EC3B 5 Bytes JMP 6E34F703 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] SHELL32.dll!RealDriveType + 173D 75BBFE10 4 Bytes CALL 86F1A38A
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] SHELL32.dll!RealDriveType + 1745 75BBFE18 8 Bytes [F3, 34, 11, 6E, 17, 73, 10, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] ole32.dll!OleLoadFromStream 758F6143 5 Bytes JMP 6E34E293 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] ole32.dll!CoCreateInstance 75939D0B 5 Bytes JMP 6E213422 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!sendto 775A34B5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!closesocket 775A3918 5 Bytes JMP 001664FE
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!WSASend 775A4406 6 Bytes JMP 5F130F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!select 775A6989 5 Bytes JMP 00166538
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!recv 775A6B0E 5 Bytes JMP 001665AD
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!connect 775A6BDD 5 Bytes JMP 0016647F
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!send 775A6F01 5 Bytes JMP 00166657
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!WSARecv 775A7089 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!recvfrom 775AB6DC 6 Bytes JMP 5F040F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!WSARecvFrom 775ACBA6 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!WSAConnect 775ACC3F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2904] WS2_32.dll!WSASendTo 775BB30C 6 Bytes JMP 5F160F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F940F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F970F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [A1, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F910F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ole32.dll!CoGetClassObject 759254AD 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] ole32.dll!CoCreateInstanceEx 75939D4E 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!sendto 775A34B5 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!closesocket 775A3918 6 Bytes JMP 5FDF0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!WSASend 775A4406 6 Bytes JMP 5FD90F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!recv 775A6B0E 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!connect 775A6BDD 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!send 775A6F01 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!WSARecv 775A7089 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!recvfrom 775AB6DC 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!WSARecvFrom 775ACBA6 6 Bytes JMP 5FD60F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!WSAConnect 775ACC3F 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3156] WS2_32.dll!WSASendTo 775BB30C 6 Bytes JMP 5FDC0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F940F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F970F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [A1, 5F]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F910F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ole32.dll!CoGetClassObject 759254AD 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] ole32.dll!CoCreateInstanceEx 75939D4E 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!sendto 775A34B5 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!closesocket 775A3918 6 Bytes JMP 5FDF0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!WSASend 775A4406 6 Bytes JMP 5FD90F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!recv 775A6B0E 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!connect 775A6BDD 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!send 775A6F01 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!WSARecv 775A7089 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!recvfrom 775AB6DC 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!WSARecvFrom 775ACBA6 6 Bytes JMP 5FD60F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!WSAConnect 775ACC3F 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3228] WS2_32.dll!WSASendTo 775BB30C 6 Bytes JMP 5FDC0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtClose 774A54C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtClose + 4 774A54CC 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtCreateFile 774A55C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtCreateFile + 4 774A55CC 2 Bytes [6B, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtCreateKey 774A5608 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtCreateKey + 4 774A560C 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtDeleteFile 774A5808 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtDeleteFile + 4 774A580C 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtDeleteKey 774A5818 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtDeleteKey + 4 774A581C 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtDeleteValueKey 774A5848 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtDeleteValueKey + 4 774A584C 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtDuplicateObject 774A5898 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtDuplicateObject + 4 774A589C 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtEnumerateKey 774A58E8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtEnumerateKey + 4 774A58EC 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtEnumerateValueKey 774A5918 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtEnumerateValueKey + 4 774A591C 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtLoadDriver 774A5B58 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtLoadDriver + 4 774A5B5C 2 Bytes [83, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtOpenFile 774A5CD8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtOpenFile + 4 774A5CDC 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtQueryMultipleValueKey 774A6108 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtQueryMultipleValueKey + 4 774A610C 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtQueryValueKey 774A6248 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtQueryValueKey + 4 774A624C 2 Bytes [62, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtReadFile 774A62B8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtReadFile + 4 774A62BC 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtSetContextThread 774A6568 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtSetContextThread + 4 774A656C 2 Bytes [80, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtSetInformationFile 774A6638 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtSetInformationFile + 4 774A663C 2 Bytes [77, 5F] {JA 0x61}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtSetValueKey 774A6808 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtSetValueKey + 4 774A680C 2 Bytes [65, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtUnloadKey 774A6968 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtUnloadKey + 4 774A696C 2 Bytes [68, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtWriteFile 774A6A68 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtWriteFile + 4 774A6A6C 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtWriteVirtualMemory 774A6A98 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ntdll.dll!NtWriteVirtualMemory + 4 774A6A9C 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] kernel32.dll!CopyFileExW 771BB238 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] kernel32.dll!CreateFileMappingW 771C120C 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] kernel32.dll!TerminateProcess 771C2BBD 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] kernel32.dll!MoveFileWithProgressW 771C8D8C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] kernel32.dll!MapViewOfFile 771C93DB 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] kernel32.dll!CreateFileMappingA 771C9C0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] kernel32.dll!MapViewOfFileEx 771CD7EC 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] kernel32.dll!CreateRemoteThread 7720FAF3 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!StartServiceW 775F7974 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!OpenServiceW 775FCA4C 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!OpenServiceA 77602BF0 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!CloseServiceHandle 7760369C 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!CreateServiceW 7761712C 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!ControlService 77617144 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!DeleteService 7761715C 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!ChangeServiceConfig2A 776330C8 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!ChangeServiceConfig2W 776330D8 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!ChangeServiceConfigA 776330E8 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!ChangeServiceConfigW 776330F8 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!CreateServiceA 77633158 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!StartServiceA 77633543 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!LsaAddAccountRights 77638819 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ADVAPI32.dll!LsaRemoveAccountRights 776388B1 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!CreateAcceleratorTableW 770B9794 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!CreateAcceleratorTableW + 4 770B9798 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!GetAsyncKeyState 770BA256 6 Bytes JMP 5F970F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!BeginDeferWindowPos 770BA6A6 6 Bytes JMP 5F8E0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!PostMessageA 770BB446 6 Bytes JMP 5FA90F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!SetWindowsHookExW 770BE30C 6 Bytes JMP 5FB20F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!SetWinEventHook 770C24DC 6 Bytes JMP 5FAC0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!GetKeyState 770C2B4D 6 Bytes JMP 5FA00F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!DispatchMessageA 770C2E32 6 Bytes JMP 5F910F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!PostMessageW 770C447B 6 Bytes JMP 5FA60F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!TranslateMessage 770C64C7 6 Bytes JMP 5F940F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!DispatchMessageW 770CCC61 6 Bytes JMP 5FB50F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!SetClipboardData 770D2962 6 Bytes JMP 5FB80F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!GetKeyboardState 770E6946 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!GetKeyboardState + 4 770E694A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!AttachThreadInput 770E6B54 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!AttachThreadInput + 4 770E6B58 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!SetWindowsHookExA 770E6D0C 6 Bytes JMP 5F8B0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] USER32.dll!DdeConnect 770FEB5B 6 Bytes JMP 5FA30F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ole32.dll!CLSIDFromProgIDEx 75900782 6 Bytes JMP 5F850F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[3440] ole32.dll!CLSIDFromProgID 7591503C 6 Bytes JMP 5F880F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!sendto 775A34B5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!closesocket 775A3918 6 Bytes JMP 5F220F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!WSASend 775A4406 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!recv 775A6B0E 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!connect 775A6BDD 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!send 775A6F01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!WSARecv 775A7089 6 Bytes JMP 5F160F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!recvfrom 775AB6DC 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!WSARecvFrom 775ACBA6 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!WSAConnect 775ACC3F 6 Bytes JMP 5F130F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3752] WS2_32.dll!WSASendTo 775BB30C 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!sendto 775A34B5 6 Bytes JMP 5F100F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!closesocket 775A3918 6 Bytes JMP 5F220F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!WSASend 775A4406 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!recv 775A6B0E 6 Bytes JMP 5F070F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!connect 775A6BDD 6 Bytes JMP 5F040F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!send 775A6F01 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!WSARecv 775A7089 6 Bytes JMP 5F160F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!recvfrom 775AB6DC 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!WSARecvFrom 775ACBA6 6 Bytes JMP 5F190F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!WSAConnect 775ACC3F 6 Bytes JMP 5F130F5A
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[3884] WS2_32.dll!WSASendTo 775BB30C 6 Bytes JMP 5F1F0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88C93042] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88C936D6] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88C93800] \SystemRoot\System32\Drivers\spiu.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88C9313E] \SystemRoot\System32\Drivers\spiu.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E103932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E101ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6E0FC028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E103B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E105870] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E104731] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E104DCC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6E101D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E0FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E1006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E0FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E101A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E100043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E100CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E103932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E101ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E1006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E100CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E102ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E0FF1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E0FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E0FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E101A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E101ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E104DCC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E104731] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E0FDF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E1006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E103932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E0FDCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E0FDE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E100571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6E101D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E0FDBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E10417A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E105870] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E1046BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E104A6A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6E10814E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6E1088D4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6E108498] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6E107D69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6E108BE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6E108FED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6E107B86] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6E108C3A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6E107EA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6E10785E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E107C2D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6E1087AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6E1085D4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [6E107E07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6E109AAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6E1094A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6E1098E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6E107F3A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6E107E56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6E1079F8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6E109710] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6E107AE5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6E109B66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6E1097C9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6E107701] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6E109611] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6E108102] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6E107FD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6E10819A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6E108C89] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6E107CCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6E108E84] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6E108840] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6E10993E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6E108674] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6E1091F7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6E108DD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6E109D85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6E108D2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6E107A47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6E108F3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6E1077AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6E1082D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6E108530] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6E108972] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6E108368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6E108400] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6E109888] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6E0FD9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6E100F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6E101904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6E10141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6E101A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6E1009C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E0FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6E0FF834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6E0FF084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6E1027FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E0FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6E0FEB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6E0FE563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6E102ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6E1027DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6E0FE901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E100043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E0FEE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6E101A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6E109888] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6E10982A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6E108920] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6E108C3A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6E108D2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E107C2D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6E108EE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6E109D2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6E108F3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6E109D85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6E107B86] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[852] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E103932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E101ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6E0FC028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E103B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E105870] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E104731] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E104DCC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6E101D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E0FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E1006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E0FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E101A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E100043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E100CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E103932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E101ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E1006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E100CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E102ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E0FF1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E0FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E0FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E101A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E101ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E104DCC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E104731] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E0FDF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E1006BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E103932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E0FDCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E0FDE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E100571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6E101D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E0FDBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E10417A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E105870] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E1046BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E104A6A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6E10814E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6E1088D4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6E108498] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6E107D69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6E108BE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6E108FED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6E107B86] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6E108C3A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6E107EA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6E10785E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E107C2D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6E1087AC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6E1085D4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [6E107E07] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6E109AAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6E1094A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6E1098E6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6E107F3A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6E107E56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6E1079F8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6E109710] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6E107AE5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6E109B66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6E1097C9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6E107701] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6E109611] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6E108102] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6E107FD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6E10819A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6E108C89] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6E107CCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6E108E84] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6E108840] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6E10993E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6E108674] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6E1091F7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6E108DD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6E109D85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6E108D2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6E107A47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6E108F3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6E1077AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6E1082D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6E108530] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6E108972] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6E108368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6E108400] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6E109888] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6E0FD9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6E100F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6E101904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6E10141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6E101A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6E1009C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E0FFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6E0FF834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6E0FF084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6E1027FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E0FF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6E0FEB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6E0FE563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6E102ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6E1027DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6E0FE901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E100043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E0FEE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E101BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6E101A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6E109888] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6E10982A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6E108920] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6E108C3A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6E108D2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E107C2D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6E108EE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6E109D2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6E108F3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6E109D85] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6E107B86] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2904] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6E0F9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
Device \FileSystem\Ntfs \Ntfs 84E7D1F8

AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys

Device \Driver\NetBT \Device\NetBT_Tcpip_{A8546EE5-6D1F-440F-B23F-73C12BEA8E9E} 85F6C1F8
Device \Driver\volmgr \Device\VolMgrControl 84E781F8
Device \Driver\usbuhci \Device\USBPDO-0 85FA71F8
Device \Driver\usbuhci \Device\USBPDO-1 85FA71F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{78D79FF0-B443-429B-97A5-C03EB0D0F309} 85F6C1F8
Device \Driver\usbehci \Device\USBPDO-2 85FBC500
Device \Driver\usbuhci \Device\USBPDO-3 85FA71F8
Device \Driver\usbuhci \Device\USBPDO-4 85FA71F8
Device \Driver\usbuhci \Device\USBPDO-5 85FA71F8
Device \Driver\usbehci \Device\USBPDO-6 85FBC500
Device \Driver\volmgr \Device\HarddiskVolume1 84E781F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 84E781F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85ED7500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E7A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 84E7A1F8
Device \Driver\atapi \Device\Ide\IdePort0 84E7A1F8
Device \Driver\atapi \Device\Ide\IdePort1 84E7A1F8
Device \Driver\atapi \Device\Ide\IdePort2 84E7A1F8
Device \Driver\atapi \Device\Ide\IdePort3 84E7A1F8
Device \Driver\atapi \Device\Ide\IdePort4 84E7A1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 84E7B1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 84E7B1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 84E7B1F8
Device \Driver\volmgr \Device\HarddiskVolume3 84E781F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000075 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 85F6C1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bfb18a0c7
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bfb18a0c7@0022fd446903 0x5B 0x2E 0xA0 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0x17 0x54 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bfb18a0c7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bfb18a0c7@0022fd446903 0x5B 0x2E 0xA0 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0x17 0x54 0xCB ...

---- EOF - GMER 1.0.15 ----

#9 Ok

1. Lass bitte diese Datei

Zitat

E:\Software\26i1g6d9.exe

bei Virustotal überprüfen.

2. Mache bitte einen Online Scan mit ESET
http://go.eset.com/us/online-scanner

Wenn bei diesen beiden Sachen alles gut ist, sollten wir durch sein.

#10 hey,

1. File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: ff72056739c31e4cc920fbdff4f9a8e5
Date first seen: 2011-07-19 14:51:29 (UTC)
Date last seen: 2011-11-01 10:06:03 (UTC)
Detection ratio: 2/40


war eins von den programmen die ich runterladen sollte...


2. doch noch zwei sachen gefunden. habe zwar auf finish und delete gedrückt aber keine ahnung ob das ging.

C:\Program Files\CONV\Setup19_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined

C:\Windows\System32\SensApid.dll a variant of Win32/Spy.Agent.NTN trojan cleaned by deleting (after the next restart) - quarantined

#11

Zitat

war eins von den programmen die ich runterladen sollte...

Ja, die Tools versuchen sich zu schützen und verwenden zufällig generierte Namen. Das ist zwar schön, sieht aber auch leider in den Logs ziemlich nach Malware aus.

Ansonsten noch etwas mehr Adware, nichts Kritisches. Du kannst noch nach Belieben Online Scanner einsetzen, um evtl. Reste zu erwischen, hier ist eine Liste:

http://scareware.de/online-scanner/online-virenscanner-pc-verzeichnisse/

Ansonsten sind wir fertig.

1. Starte OTL und klicke bitte auf CleanUP (Bereinigung). OTL entfernt sich daraufhin selbst.

2. Halte Dein System auf dem neuesten Stand, z.B. mit Hilfe von http://secunia.com/vulnerability_scanning/personal/

3. Lies Dir das hier durch: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar

#12 Erledigt + Gelesen + Verstanden!!!!

Tausend dank für deine Zeit und Hilfe!!!!

Liebe Grüße